[php-maint] Bug PHP xsl CVE-2012-0057.patch
Thijs Kinkhorst
thijs at debian.org
Tue Jan 31 12:35:17 UTC 2012
On Tue, January 31, 2012 10:33, grok at no-log.org wrote:
> Hi,
>
> I don't know who I'm sending this message to the right address:
> A recent update in debian 6.0.4 broke php5-xsl.
>
> I found the bug in patch: CVE-2012-0057.patch
> On line 478 of the patched file ext/xsl/xsltprocessor.c:
> Should be : int secPrefsError=0;
> Instead of: int secPrefsError;
>
> Otherwise you will always get the error:
> warning: XSLTProcessor::transformToXml() [xsltprocessor.transformtoxml]:
> Can't set libxslt security properties, not doing transformation for
> security reasons
Thank you for letting us know. A regression fix is already in preparation
and will be released later today.
Cheers,
Thijs
More information about the pkg-php-maint
mailing list